PermissionRequiredMixin AccessMixin permission_denied_message

Question

OK so I don't know why django displays a "403 Forbidden" when PermissionDenied exception is raised with the permission_denied_message variable also inserted. I would like to display my own custom message. Not sure what am doing wrong though. Here is my code

class ProfileFormView(PermissionRequiredMixin, generic.UpdateView):
    permission_required = 'shop_buy.change_userprofile'
    raise_exception = True
    permission_denied_message = 'Permission Denied'
    model = UserProfile
    fields = ['location', 'gender', 'profile_picture']
    template_name_suffix = '_form'

Answer 1

From the documentation:

Django has a view to handle 403 Forbidden errors... This view loads and renders the template 403.html in your root template directory, or if this file does not exist, instead serves the text “403 Forbidden”, as per RFC 7231#section-6.5.3 (the HTTP 1.1 Specification).

So the default response is just two words: "403 Forbidden" - it doesn't show the exception message. If you want to display the exception (which is available in the view context) you need to provide your own 403.html template which displays it. Something like this would work:

<h1>403 Forbidden</h1>
<p>{{ exception }}</p>

Note that the exception only became available in the template in Django 1.9.

Also note that you may not always want to make the contents of the exception public!